Jared Tims

Reputation: 349

Share authentication cookie between .NET Core Web Apps

I would like to authenticate in App1 and then click a link to App2 and not have to authenticate. I figure this is a very common scenario, and this doc says it is super easy to achieve. So I created an Identity authenticating app, following the instructions here verbatim.

I applied the 2 extra lines of code as suggested in the doc:

services.AddDataProtection()
    .PersistKeysToFileSystem("{PATH TO COMMON KEY RING FOLDER}")
    .SetApplicationName("SharedCookieApp");

services.ConfigureApplicationCookie(options => {
    options.Cookie.Name = ".AspNet.SharedCookie";
});

I then deployed it to my local IIS server (https://localhost/App1) and it was working perfectly.

For App2, I applied the same two lines of code as above and deployed it to my local IIS server (https://localhost/App2). After authenticating to App1 and then clicking the link to App2, I got an error: "No authenticationScheme was specified, and there was no DefaultChallengeScheme found". I figured something had to be missing in App2, but the doc only ever cites those two lines of code. Anyhow, I tried adding each of the following 4 options (not all at the same time) to make it happy, and nothing worked.

    services.AddAuthentication("Identity.Application");

    services.AddAuthentication();//fails asking for default schema and challenge

    services.AddDefaultIdentity<IdentityUser>().AddEntityFrameworkStores<SharedAuthContext>();//fails

    services.AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    });

Something is obviously missing from App2, but I cannot figure it out.

Upvotes: 1

Views: 1477

Answers (1)

abdusco

Reputation: 11131

CookieAuthenticationDefaults.AuthenticationScheme is a constant string with value "Cookies".

Identity framework uses different names for its cookies.

  • IdentityConstants.ApplicationScheme -> "Identity.Application"
  • IdentityConstants.ExternalScheme -> "Identity.External" (we're not interested in this)

So you should change the names to

services.AddAuthentication(options => {
    options.DefaultScheme = "Identity.Application";
    options.DefaultChallengeScheme = "Identity.Application";
}).AddCookie("Identity.Application", options => { ... });

Also refer to Microsoft docs on sharing cookies between apps.

https://learn.microsoft.com/en-us/aspnet/core/security/cookie-sharing?view=aspnetcore-5.0

Upvotes: 3
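An added example, not code from either poster or from the Microsoft docs: one way App2's Startup could look when it only consumes the cookie that App1 (the Identity app) issues, so it registers a cookie handler under Identity's scheme name without pulling in Identity itself. It assumes ASP.NET Core 3.x/5 with MVC, both apps as sibling IIS applications on one host as in the question, and that App1 sets the same cookie path in its ConfigureApplicationCookie call; the class layout and the KeyRingFolder constant are hypothetical.

```csharp
using System.IO;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    // Placeholder from the question. Both apps must point at the same folder.
    // Anyone who can read this folder can forge a valid auth cookie, so restrict
    // its ACL to the two app pool identities.
    private const string KeyRingFolder = @"{PATH TO COMMON KEY RING FOLDER}";

    public void ConfigureServices(IServiceCollection services)
    {
        // Same key ring and application name as App1, otherwise App2 cannot
        // decrypt or validate the cookie App1 issued.
        services.AddDataProtection()
            .PersistKeysToFileSystem(new DirectoryInfo(KeyRingFolder))
            .SetApplicationName("SharedCookieApp");

        // "Identity.Application" is the scheme name Identity uses in App1.
        // Passing it here makes it the default authenticate and challenge scheme.
        services.AddAuthentication("Identity.Application")
            .AddCookie("Identity.Application", options =>
            {
                options.Cookie.Name = ".AspNet.SharedCookie";
                // Assumption for this deployment: when Path is left unset the
                // cookie is scoped to the issuing app's base path (/App1), so
                // the browser would not send it to /App2. "/" exposes the
                // cookie to every application on the host.
                options.Cookie.Path = "/";
            });

        services.AddControllersWithViews();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseAuthentication(); // must run before UseAuthorization
        app.UseAuthorization();
        app.UseEndpoints(endpoints => endpoints.MapDefaultControllerRoute());
    }
}
```

Because the cookie is valid for any app that shares the key ring and application name, every app in that group should be treated as one trust boundary.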
